Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by CWE-79
Total 34649 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2012-3047 1 Cisco 37 Scientific Atlanta Dpc2420, Scientific Atlanta Dpc3000\/epc3000, Scientific Atlanta Dpc3008\/epc3008 and 34 more 2013-12-12 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the web-wizard setup page on Cisco Scientific Atlanta D20 and D30 cable modems allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2013-3929 1 Cmsmadesimple 1 Cms Made Simple 2013-12-10 2.1 LOW N/A
Cross-site scripting (XSS) vulnerability in admin/editevent.php in CMS Made Simple (CMSMS) 1.11.9 allows remote authenticated users with the "Modify Events" permission to inject arbitrary web script or HTML via the handler parameter.
CVE-2013-4171 1 Apache 1 Roller 2013-12-09 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in Apache Roller before 5.0.2 allow remote attackers to inject arbitrary web script or HTML via vectors related to the search results in the (1) RSS and (2) Atom feed templates.
CVE-2013-6804 1 Jamroom 1 Search Module 2013-12-06 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the Search module before 1.1.1 for Jamroom allows remote attackers to inject arbitrary web script or HTML via the search_string parameter to search/results/all/1/4.
CVE-2013-4624 1 Jahia 1 Jahia Xcm 2013-11-29 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in Jahia xCM 6.6.1.0 before hotfix 7 allow remote attackers to inject arbitrary web script or HTML via (1) the site parameter to engines/manager.jsp, (2) the searchString parameter to administration/ in a search action, or the (3) username, (4) firstName, (5) lastName, (6) email, or (7) organization field to administration/ in a users action.
CVE-2013-3920 1 Jahia 1 Jahia Xcm 2013-11-29 3.5 LOW N/A
Cross-site scripting (XSS) vulnerability in Jahia xCM before 6.6.2 allows remote authenticated users to inject arbitrary web script or HTML via the "about me" field.
CVE-2013-4573 1 Mediawiki 1 Mediawiki 2013-11-27 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the ZeroRatedMobileAccess extension for MediaWiki 1.19.x before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3 allows remote attackers to inject arbitrary web script or HTML via the "to" parameter to index.php.
CVE-2013-6870 1 Splunk 1 Splunk 2013-11-27 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk before 5.0.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2013-3394 1 Cisco 1 Prime Network Registrar 2013-11-27 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the web interface in Cisco Prime Network Registrar 8.1 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted field, aka Bug ID CSCuh41429.
CVE-2013-6342 1 Tweet-blender 1 Tweet-blender 2013-11-25 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the Tweet Blender plugin before 4.0.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the tb_tab_index parameter to wp-admin/options-general.php.
CVE-2013-6348 1 Apache 1 Struts 2013-11-25 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.3.15.3 allow remote attackers to inject arbitrary web script or HTML via the namespace parameter to (1) actionNames.action and (2) showConfig.action in config-browser/.
CVE-2013-4713 1 Iodata 2 Rockdisk, Rockdisk Firmware 2013-11-21 3.5 LOW N/A
Cross-site scripting (XSS) vulnerability in I-O DATA DEVICE RockDisk with firmware before 1.05e1-2.0.5 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
CVE-2013-6793 1 Olat 1 Olat 2013-11-21 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in the Calendar module in Olat 7.8.0.1 (b20130821 N1) allow remote attackers to inject arbitrary web script or HTML via the (1) event name or (2) date field.
CVE-2013-6794 1 Olat 1 Olat 2013-11-21 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the Calendar module in Olat 7.8.0.1 (b20130821 N1) allows remote attackers to inject arbitrary web script or HTML via the Location field. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2013-6019 1 Tylertech 1 Taxweb 2013-11-21 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Tyler Technologies TaxWeb 3.13.3.1 allows remote attackers to inject arbitrary web script or HTML via the accountNum parameter to an unspecified component.
CVE-2013-5996 1 Lockon 1 Ec-cube 2013-11-21 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in shopping/payment.tpl components in LOCKON EC-CUBE 2.11.0 through 2.13.0 allow remote attackers to inject arbitrary web script or HTML via crafted values.
CVE-2013-5992 1 Lockon 1 Ec-cube 2013-11-21 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the displaySystemError function in html/handle_error.php in LOCKON EC-CUBE 2.11.0 through 2.11.5 allows remote attackers to inject arbitrary web script or HTML by leveraging incorrect handling of error-message output.
CVE-2013-4507 1 Collectiveaccess 2 Pawtucket, Providence 2013-11-20 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in CollectiveAccess Providence and Pawtucket before 1.3.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2013-5966 1 Zkoss 1 Zk Framework 2013-11-20 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in ZK Framework before 5.0.13 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2013-0741 1 Percipientstudios 1 Imagen 2013-11-19 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in imagegen.ashx in Percipient Studios ImageGen before 2.9.0 for Umbraco CMS allows remote attackers to inject arbitrary web script or HTML via the font parameter.